Merge pull request #485 from mhaskel/merge_1.4.x_to_master

Merge 1.4.x to master

Author: cmurphy

CHANGELOG.md

@@ -1,3 +1,21 @@
+##2015-01-27 - Supported Release 1.4.0
+###Summary
+
+This release includes physdev support, the ability to look up usernames from uuid, and a number of bugfixes
+
+####Features
+- Add `netmap` feature
+- Add `physdev` support
+- Add ability to look up username from uuid (MODULES-753, MODULES-1688)
+
+####Bugfixes
+- Sync iptables/ip6tables providers (MODULES-1612)
+- Fix package names for Amazon and Ubuntu 14.10 (MODULES-1029)
+- Fix overly aggressive gsub when `ensure => absent` (MODULES-1453)
+- Unable to parse `-m (tcp|udp)` rules (MODULES-1552)
+- Fix ip6tables provider when `iptables-ipv6` package isn't installed for EL6 (MODULES-633)
+- Test fixes
+
 ##2014-12-16 - Supported Release 1.3.0
 ###Summary
 

README.markdown

@@ -339,12 +339,12 @@ This type enables you to manage firewall rules within Puppet.
 
  * `ip6tables`: Ip6tables type provider
     * Required binaries: `ip6tables-save`, `ip6tables`.
-    * Supported features: `connection_limiting`, `dnat`, `hop_limiting`, `icmp_match`, `interface_match`, `ipsec_dir`, `ipsec_policy`, `ipset`, `iptables`, `isfirstfrag`, `ishasmorefrags`, `islastfrag`, `log_level`, `log_prefix`, `mark`, `mask`, `owner`, `physdev_in`, `physdev_out`, `pkttype`, `rate_limiting`, `recent_limiting`, `reject_type`, `snat`, `socket`, `state_match`, `tcp_flags`.
+    * Supported features: `address_type`, `connection_limiting`, `dnat`, `hop_limiting`, `icmp_match`, `interface_match`, `iprange`, `ipsec_dir`, `ipsec_policy`, `ipset`, `iptables`, `isfirstfrag`, `ishasmorefrags`, `islastfrag`, `log_level`, `log_prefix`, `mark`, `mask`, `owner`, `pkttype`, `rate_limiting`, `recent_limiting`, `reject_type`, `snat`, `socket`, `state_match`, `tcp_flags`.
 
 * `iptables`: Iptables type provider
     * Required binaries: `iptables-save`, `iptables`.
     * Default for `kernel` == `linux`.
-    * Supported features: `address_type`, `connection_limiting`, `dnat`, `icmp_match`, `interface_match`, `iprange`, `ipsec_dir`, `ipsec_policy`, `ipset`, `iptables`, `isfragment`, `log_level`, `log_prefix`, `mark`, `mask`, `owner`, `physdev_in`, `physdev_out`, `pkttype`, `rate_limiting`, `recent_limiting`, `reject_type`, `snat`, `socket`, `state_match`, `tcp_flags`, `netmap`.
+    * Supported features: `address_type`, `connection_limiting`, `dnat`, `icmp_match`, `interface_match`, `iprange`, `ipsec_dir`, `ipsec_policy`, `ipset`, `iptables`, `isfragment`, `log_level`, `log_prefix`, `mark`, `mask`, `netmap`, `owner`, `pkttype`, `rate_limiting`, `recent_limiting`, `reject_type`, `snat`, `socket`, `state_match`, `tcp_flags`.
 
 **Autorequires:**
 
@@ -514,6 +514,10 @@ firewall { '999 this runs last':
 
 * `outiface`: Output interface to filter on. Values must match '/^!?\s?[a-zA-Z0-9\-\._\+\:]+$/'.  Requires the `interface_match` feature.  Supports interface alias (eth0:0) and negation.
 
+* `physdev_in`: Match if the packet is entering a bridge from the given interface. Values must match '/^[a-zA-Z0-9\-\._\+]+$/'.
+
+* `physdev_out`: Match if the packet is leaving a bridge via the given interface. Values must match '/^[a-zA-Z0-9\-\._\+]+$/'.
+
 * `pkttype`: Sets the packet type to match. Valid values are: 'unicast', 'broadcast', and'multicast'. Requires the `pkttype` feature.
 
 * `port`: The destination or source port to match for this filter (if the protocol supports ports). Will accept a single element or an array. For some firewall providers you can pass a range of ports in the format: 'start number-end number'. For example, '1-1024' would cover ports 1 to 1024.

metadata.json

@@ -1,6 +1,6 @@
 {
   "name": "puppetlabs-firewall",
-  "version": "1.3.0",
+  "version": "1.4.0",
   "author": "Puppet Labs",
   "summary": "Manages Firewalls such as iptable",
   "license": "Apache-2.0",